[lug] So much for VMware

Nate Duehr nate at natetech.com
Wed Nov 29 14:46:41 MST 2006


Sean Reifschneider wrote:
> On Tue, Nov 28, 2006 at 05:55:56PM -0700, Collins Richey wrote:
>> Yeah, but almost no one has a chipset that supports it.
> 
> The first system I got that supported VT virtualization was almost a
> year ago.  That was a 900 series Pentium D.  These days, most Intel CPUs
> support it.  The machine I built yesterday does, as does efm's laptop.  So,
> it's not THAT uncommon.

There were some interesting theoretical exploits published recently for 
hardware virtualization schemes and machines.

The general idea being:  If you could attack the machine that was NOT 
running virtualized and quickly switch the running OS into a virtualized 
state, then you could run whatever you wanted in another virtualized OS.

And since many hardware manufacturers have started to purposely make it 
VERY difficult to tell if your virtualized OS is running virtualized 
(ostensibly for security reasons, ironically enough) -- if you can 
control the hardware virtualization, then you've effectively hidden 
yourself from the box's rightful owner (if they're not bothering to 
watch their network traffic, etc.).

Whether or not we'll see this kind of shenanigans catch on as a serious 
threat looks doubtful right now, and at least a few folks figured out 
some non-perfect ways to detect whether or not the OS was virtualized 
(clocking changes a bit, etc...), but it's certainly funny when 
engineers don't think about things like this...

If you create a way to hide virtual machines from each other in 
HARDWARE... so the running OS isn't allowed to know.

And try very hard to hide the fact that you've got multiple virtuals 
running...

Where do you want your code to be running if you're a cracker?

The hidden part of the machine, of course.

Seems like a "DUH moment" to me.  And another example of Marketing 
demands driving bad engineering.  People, trade rags, everything 
shouting "virtualization is great!" ... then the reality starts to set in.

Nate
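
The post mentions imperfect, timing-based ways of noticing that an OS has been placed under a hypervisor. The following is an added example, not part of the original message: it times the CPUID instruction with the TSC and compares the median cost against a cut-off. The 1000-tick threshold, the sample count and the function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#include <x86intrin.h>
#define HAVE_X86 1
#endif

/* Assumed cut-off in TSC ticks; calibrate on known-bare-metal hardware. */
#define TRAP_THRESHOLD 1000u

static int cmp_u64(const void *a, const void *b) {
    uint64_t x = *(const uint64_t *)a, y = *(const uint64_t *)b;
    return (x > y) - (x < y);
}

/* Median of n samples (sorts in place). The median ignores the occasional
 * huge sample caused by an interrupt landing inside the timed window. */
uint64_t median_cycles(uint64_t *s, size_t n) {
    if (n == 0) return 0;
    qsort(s, n, sizeof *s, cmp_u64);
    return s[n / 2];
}

/* 1 if the typical cost looks like a trap to a hypervisor, else 0. */
int looks_intercepted(uint64_t *s, size_t n, uint64_t threshold) {
    return median_cycles(s, n) > threshold;
}

#ifdef HAVE_X86
/* Under Intel VT-x, CPUID always exits to the hypervisor, so its cost as
 * seen through the TSC grows when a hypervisor sits underneath the OS. */
static uint64_t time_cpuid(void) {
    unsigned a, b, c, d;
    uint64_t t0 = __rdtsc();
    __cpuid(0, a, b, c, d);
    uint64_t t1 = __rdtsc();
    (void)a; (void)b; (void)c; (void)d;
    return t1 - t0;
}
#endif

int main(void) {
#ifdef HAVE_X86
    enum { N = 1001 };
    static uint64_t s[N];
    for (size_t i = 0; i < N; i++) s[i] = time_cpuid();
    int hit = looks_intercepted(s, N, TRAP_THRESHOLD);
    printf("median CPUID cost: %llu ticks, intercepted: %d\n",
           (unsigned long long)s[N / 2], hit);
#else
    puts("x86 only: no CPUID/TSC on this architecture");
#endif
    return 0;
}
```

A hypervisor can offset the TSC value the guest reads, so a low reading does not prove the absence of one; the check is only as good as its clock source.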


